Amendments to the Claims 



Kindly amend claims 1,3, 17 & 20, as set forth below. All pending claims are 
reproduced below, with changes in the amended claims shown by underlining (for added matter) 
and strikethrough/double brackets (for deleted matter), 

1 . (Currently Amended) Method for downloading application components from a 
server via a client to a multifunction , processor-based smart card, wherein the server and the 
client are interconnected via a distributed system, said method comprising: 

a) sending a request from the client to the server for a smart card 
application component for the processor-based smart card ; 

b) delivery of a secret key or Session Key by the server to the client, 
responsive to the request; 

c) bundling in the server a sequence of commands to produce a 
bundled command sequence for dovraloading of the application component to the 
smart card; 

d) generation of a digital signature in the server using the secret key 
or Session Key by way of each command within the bundled command sequence 
to produce a signed, bundled command sequence comprising a bundled sequence 
of individually signed commands : 

e) transmission of the signed, bundled command sequence as a data packet 
to the client, wh e r e in transmission of th e sign e d, bundl e d command s e qu e nc e as 
th e data pack e t r e duc e s thereby reducing data transfers between the server and the 
client; 

f) unpacking of the data packet by the client and transmission of 
[[the]] individual signed commands of the bxmdled command sequence in 
sequence to the smart card; and 
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g) checking of the digital signature of the individual commands on 
the smart card and execution of the commands on the smart card if the digital 
signature is correct. 

2. (Previously Presented) Method in accordance v^ith Claim 1 , wherein the 
authentication method for generation of the Session Key is selected by: 

a) transmission of a request from the server via the client to the smart 
card to transmit the smart card identification data stored on the smart card; 

b) reading of the smart card identification data from the nonvolatile 
memory of the smart card and transmission of the smart card identification data 
via the client to the server; and 

c) identification from the smart card identification data of an 
authentication method by means of which a Session Key agreed between the 
server and the smart card can be generated. 

3, (Currently Amended) Method in accordance with Claim 2, wherein the Session 
Key is determined by an authentication method comprising: 

a) generation of a first random number and selection of a secret key 
by the server; 

b) transmission of the first random number in accordance with step a) 
via the client to the smart card; 

c) generation of a second random number by the smart card; 

d) creation of a Session Key from the first and second random 
numbers and th e transmitt e d k e y s; 

e) encrypting the first and second random numbers and transmitting 
the first and second encrypted random numbers and the second random number 
generated by the smart card to the server; and 
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f) generation of a Session Key by the server and checking of the first 
and second encrypted random numbers, and the second random number with the 
aid of the Session Key. 

4. (Original) Method in accordance with Claim 1, wherein the distributed System is 
an intranet or an Internet. 

5. (Original) Method in accordance with Claim 1, wherein communication between 
the server and the client runs via SSL (Secure Sockets Layer) as the transfer protocol. 

6. (Previously Presented) Method in accordance with Claim 1, wherein on the 
server a runtime program exists which communicates with the client and uses the keys accessible 
to the server as necessary, and defines the protocol specifying when which messages must be 
exchanged with the client and when which keys must be used; and that on the client a runtime 
program exists which communicates both with the smart card and with the server and which 
implements the protocol defining when which messages must be exchanged with the smart card 
and the server. 

7. (Previously Presented) Method in accordance with Claim 1, wherein the smart 
card includes smart card identification data, the smart card identification data including as a 
minimum a smart card serial number and a smart card type. 

8. (Previously Presented) Method in accordance with Claim 1, wherein the digital 
signature is executed by way of a symmetrical cryptoalgorithm with the aid of the Session Key 
agreed between the client and the server, or by way of an asymmetrical cryptoalgorithm with the 
aid of a private key located on the smart card, wherein the server is in possession of the public 
key. 

9. (Original) Method in accordance with Claim 8, wherein the symmetrical 
cryptoalgorithm is DBS or Triple-DES and the asymmetrical cryptoalgorithm is RSA, DSA or an 
Elliptic Curve algorithm. 

10. (Previously Presented) Method in accordance with Claim 3, wherein the secret 
key is derived from the smart card identification data and the Master Key. 
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1 1 . (Previously Presented) Method in accordance with Claim 1, wherein the 
command sequence as a minimum comprises an Install command, one or more Load commands 
and a final Install command, and is stored in an Application Protocol Data Unit structure. 

12. (Original) Method in accordance with Claim 1, wherein each command within 
the command sequence is encrypted by means of the Session Key. 

13. (Original) Method in accordance with Claim 1, wherein the command sequence 
is a predefined sequence for a specific application which is stored in the nonvolatile memory of 
the server and is loaded into volatile memory of the server during the program runtime. 

14. (Previously Presented) Method in accordance with Claim 1 , wherein the 
command sequence is generated by the server program, and wherein on the server a runtime 
program exists which communicates with the client and uses the keys accessible to the server as 
necessary, and defines the protocol specifying when which messages must be exchanged with the 
client and when which keys must be used; and that on the client a runtime program exists which 
communicates both with the smart card and with the server and which implements the protocol 
defining when which messages must be exchanged with the smart card and the server. 

15. (Original) Method in accordance with Claim 14, wherein card-specific data are 
integrated into the command sequence. 

16. (Previously Presented) Method in accordance with Claim 13, wherein the first 
command within the sequence is assigned a MAC (message authentication code) with the aid of 
a random number and the secret key and all subsequent commands are assigned a MAC based on 
the MAC of the preceding command and the key. 

17. (Currently Amended) Device including at least the following components: 
a) Client at least including: 

aa) a Browser 
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bb) a computer program product to execute sending of a 
request for a smart card application component, and unpacking of a data 
packet comprising a signed command sequence and transmission of 
individual commands thereof in sequence to a processor-based smart card 

cc) a reader for the smart card 

b) Server including at least: 

aa) a computer program product to execute: 

i) delivery of a secret code or Session Key by 
the server to the client responsive to the request 

ii) bundling in the server a sequence of 
commands to produce a bundled command sequence for 
downloading of the smart card application component to 
the smart card 

iii) generation of a digital signature in the server 
using the secret key or Session Key by v^ay of each 
command within the command sequence to produce a 
signed, bundled command sequence comprising a bundled 
sequence of individually signed commands 

iv) transmission of the signed, bundled 
command sequence as the data packet to the client, wh e r e in 
transmission of th e sign e d, bundl e d command s e qu e nc e as 
th e data pack e t r e duc e s thereby reducing data transfers 
between the server and the client 

bb) a nonvolatile memory to store the secret keys and the 
Master Key 

c) Communication link between client and server. 
18. (Canceled). 
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19. (Previously Presented) Client in accordance with Claim 17 further including: 

a) a smart card reader 

b) a smart card with a nonvolatile memory at least containing the 
following data: 

aa) a card number 
bb) a card type 
cc) a secret key. 

20. (Currently Amended) Computer program product stored in the internal memory 
of a digital computer, containing elements of software code to execute a method for downloading 
application components from a server via a client to a processor-based smart card, wherein the 
server and the client are interconnected via a distributed system, said method comprising: 

a) sending a request from the client to the server for a smart card 
application component for the processor-based smart card ; 

b) delivery of a secret key or Session Key by the server to the client, 
responsive to the request; 

c) bundling in the server a sequence of commands to produce a 
bundled command sequence for downloading of the application component to the 
smart card; 

d) generation of a digital signature in the server using the secret key 
or Session Key by way of each command within the bundled command sequence 
to produce a signed, bundled command sequence comprising a bundled sequence 
of individually signed commands ; 

e) transmission of the signed, bundled command sequence as a data packet 
to the client, wh e r e in transmission of th e sign e d, bundl e d command s e qu e nc e as 
th e data packet r e duc e s thereby reducing data transfers between the server and the 
client; 
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f) unpacking of the data packet by the client and transmission of 
[[the]] individual signed commands of the bundled command sequence in 
sequence to the smart card; and 

g) checking of the digital signature of the individual commands on 
the smart card and execution of the commands on the smart card if the digital 
signature is correct. 
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